North Korea To Send More IT Workers Abroad To Intensify Crypto Hacks, Help Fund Military

U.S. and South Korean officials have sounded alarm over North Korea's plans to send more information technology (IT) workers overseas to help fund its military's weapons program.

Jung Pak, the deputy special representative for the Democratic People's Republic of Korea, North Korea's formal name, said the secluded country prepares to unleash its IT workers in anticipation of easing its strict COVID-19 lockdown.

"This is a growth industry, because as we see the DPRK potentially opening up borders, they could be dispatching additional laborers to all parts of the world to generate revenue," Pak said, Bloomberg reported.

"We think it's actively getting worse," the American diplomat added.

According to the Treasury Department, China and Russia, North Korea's closest allies, accommodate most of the country's highly-skilled overseas IT workers.

North Korean workers "deliberately obfuscate their identities, locations, and nationalities, typically using fake personas, proxy accounts, stolen identities, and falsified or forged documentation to apply for jobs," the Treasury Department added.

They have also appeared to target companies in rich countries, specifically in business, health and fitness, social networking, sports, entertainment, and lifestyle.

In some cases, North Korean IT workers can each earn more than $300,000 per year, use virtual currency exchanges and trading platforms to receive the payments for their contract work and launder them back to their home country.

The Treasury Department also revealed that most North Korean IT workers are "subordinate to, and working on behalf of" the socialist state's weapons of mass destruction (WMD) and ballistic missile programs.

Part of the IT workers' activities is assisting North Korean officials in procuring items related to its weapons program.

One example is the North Korea-based Chinyong Information Technology Corporation Company, also known as Jinyong IT Corporation, which employs IT workers in Russia and Laos.

Kim Sang Man, a Chinyong office representative in Vladivostok, Russia, was reportedly involved in selling and transferring IT equipment for North Korea as recently as 2021. He also received cryptocurrency transfers from IT workers in China and Russia, valued at over $2 million.

The U.S. and South Korea said North Korean leader Kim Jong Un had shifted his regime's illegal money-making scheme to cyberspace, as Western-imposed sanctions and the COVID-19 pandemic further isolated the country from the rest of the world.

In cyberspace, North Korea sees cryptocurrency and IT as a "new frontier" to generate revenues, Lee Jun-il, the director general for North Korean nuclear issues at South Korea's Foreign Ministry, said.

"Since they closed down their border, and their other revenue streams suffered, they have increasingly concentrated on making money out of cyberspace, and as the cryptocurrency market grows, they find more vulnerabilities in the sector," Lee said.

According to a report by the U.N. Panel of Experts last March, North Korean cybercrime actors stole an estimated $630 million to over $1 billion worth of virtual currency in 2022.

In response to North Korea's cybercrime activities, the Treasury Department has designated several North Korean entities that trained cyber actors and provided tools for illicit activities, such as the Pyongyang University of Automation, Chinyong, the Technical Reconnaissance Bureau and its subordinate unit, the 110th Research Center.